CVE-2013-1976

CWE-59 | 5 documents | 5 sources
Severity: 6.9 MEDIUM
EPSS: 0.0% (top 90.29%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 9; Latest update May 14

Description

The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.

CVSS vector

AV:L/AC:M/C:C/I:C/A:C
Exploitability: 3.4 | Impact: 10.0

Affected Packages: 1 package

Also affects: Enterprise Linux 5, 6.0

🔴 Vulnerability Details (2)

GHSA: GHSA-q878-9wf9-424m: The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1 (2022-05-14)
CVEList: CVE-2013-1976: The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1 (2013-07-09)

📋 Vendor Advisories (1)

Red Hat: tomcat: Improper TOMCAT_LOG management in init script (DoS, ACE) (2013-05-28)

💬 Community (1)

Bugzilla: CVE-2013-1976 tomcat: Improper TOMCAT_LOG management in init script (DoS, ACE) (2013-03-26)